Perennial ad-tech critic Johnny Ryan has unleashed a four-point assessment of Google’s “FLoC” plan to to put advertising-interest cohort technology in its Chrome browser. Overall, the Irish-based advocate says Google has released too little information to determine if the system, as revealed so far, will be a privacy improvement over third-party cookies.

“Google has not yet provided sufficient information for one to judge whether its new advertising system will end the enormous data free-for-all among thousands of companies active in the online advertising industry,” Ryan wrote in a richly footnoted email and identical blog posting on the website of the Irish Council of Civil Liberties, where he works. “It relies on privacy safeguards such as ‘trusted servers’, isolating data on the person’s device, and targeting groups of people rather than individuals.”  These are “vaguely described,” Ryan says.  He calls for regulators to investigate and get more info from Google, adding:

• The “trusted servers” will receive information about everyone, upon as-yet undisclosed principles, and will be responsible for delivering ads, reporting to advertisers and website owners. “Google does not appear to describe how this could be done without compromising privacy,” Ryan writes.
• It’s not clear who will control the methods of creating “interest groups” within each user’s Chrome browser — Google, publishers, advertisers or what. This raises a question, according to Ryan and others, whether interest cohorts could be formed around interests that could be used in discriminatory ways.

Ryan is not the only person concerned about Goggle’s FLoC.  “This is a massive competitive power grab by Google targeted towards other ad networks, masquerading as privacy,” wrote Johannes Ernst, of Indie Computer Corp., on an email list of ProjectVRM at the Harvard Berkman Klein Center. “Because Google still knows who you are — you are still logged into it — but nobody else does — because the cookies went away. Therefore, going through Google ad networks will continue to be perfect targetable (if you let Google do the matching), but everybody else’s will only be a ‘cohort’ and Google can make those cohorts as good or bad as they like.”

And on his personal blog, ex-Mozilla engineer and editor Don Marti, now working for CafeMedia, wrote a satirical impression on how browser “FLoC” data cohorts could be misused. “In one important way, FLoC is worse than third-party cookies,” Marti says in an email. “Any site can check the user’s cohort. If you run an evil site, and want to use third-party cookies to profile your users, you have to enter into a contractual relationship with some company that has scripts or pixels on many other sites in order to get the third-party cookie data. With FLoC, the evil site can just call one JavaScript function and know the user’s cohort, no paperwork needed.”

RELATED LINKS

• BACKGROUNDER: Google’s user-level identifier bombshell: what we know (and don’t) | Seb Joseph, DigiDay.com
• Nestlé, Unilever and Mondelēz supporters of Google’s framework for privacy-safe ads | Mike Juang and Garett Sloane, AdAge.com
• OPINION: “Stop Letting Google Get Away With It” | Shoshana Wodinsky, Gizmodo.com
• Google Says It Wants A Privacy First Web, Here’s What That Really Means | Kate O’Flaherty, Forbes.com
• Experts doubt the privacy claims of Google’s Federated Learning of Cohorts ad targeting | Caleb Chen, Privacy News Online
• EDITORIAL: Google abandons web tracking, but protecting privacy will take more | Editorial Board,   LATimes.com
• Don’t let Google’s announcement distract you from data deprecation pans | Joanna O’Connell, Tina Moffett * Fatemeh Khatibloo, Forrester Research
• Privacy experts thing Google announcement a clever ploy at consolidation | Isobel Asher Hamilton, BusinessInsider.com

IDENTITY AND TRACKING 

• Unified ID 2.0 To Enter Beta Phase | Allison Schiff, AdExchanger.com
• AUDIO: The Big Story: Unified ID 2.0 discussed | Ryan Joe, AdExchanger.com
• OPINION: Getting used to a non-identifiable world | Melinda Han Williams, Distillery via AdExchanger.com
• Big question about Unified  ID 2.0: Will consumers OK tracking by email? | Allison Schiff, AdExchanger.com
• BACKGROUND: Tech giants in brewing battle over tracking, ads | Rebecca Klar, TheHill.com
• BACKGROUND: ‘Cookies’ track your every move online. Now there’s a fight over what should replace them | Brian Fung, CNN Business
• Google Builds Integration For Programmatic Publisher Identifiers | Laurie Sullivan, PublishersDaily/MediaPost.com

CALIFORNIA PRIVACY 

• Walmart wins ruling finding CCPA doesn’t apply retroactively | Jean Tomasco, Robinson+Cole law firm
• Status of Proposed CCPA-Like State Privacy Legislation this week | David Stauss, Shelby Dolen & Malia Rogers, Husch Blackwell law firm
• What the CPRA means for corporate compliance in California | Jim Wetekamp, CorporateComplianceInsights.com
• So, what exactly is a ‘data broker’ under California privacy law? | David A. Zetoony, Greenberg Traurig LLP

STATEHOUSE WATCH 

• How targeted advertising is impacted under Virginia’s CDPA | Joe Stanganelli, MarketingLand.com
• What Virginia’s Consumer Data Protection Act means for your privacy program | Jim Halpert & Lael Bellamy, IAPP Privacy Perspectives
• New York lawmakers introduce Biometric Privacy Act | David Duffy, Thompson Coburn LLC law firm
• Utah punts privacy, creating study and positions | Mary Peiper, DigitalPrivacy.news
• Florida House subcommittee OKs privacy bill; another pending | Alfred Saikali, Shook, Hardy & Bacon law firm | RELATED STORY
• Illinois lawmakers revisit data collection privacy laws | Grace Barbic, Capital News Illinois

A former Google policy executive will announce next week a new “information fiduciary” initiative.  Richard Whitt’s goal:  Figure out how strongly the public wants to control how their personal data is collected and used, and whether they would pay a company to help them.

Silicon Valley-based Deeper Edge LLC will be designed to be a “web guardian” of end-user privacy, security and identity.  But Whitt has an initial idea to provide something of value besides privacy — a way to help people find events and activities of interest in their area and organize that data — but doing so anonymously.

The Deeper Edge website already has a 40-second teaser video, but will go live next week. Whitt has been guiding the work of a nonprofit since leaving Google, the Glia Foundation,  where he and others have probed the ideas that are now being put into practice.

An overarching intention in the long run is to ease the user’s daily online struggles, from managing passwords to fending off attacks by bad actors. In this early stage, the local events and venues interactive tracker will pour information into a personalized calendar with links.

“You tell the platform what you’re interested in as much as you want and we’ll go out and find it,” says Whitt. “But none of that data goes to the venue unless the user decides they want to do that.” It’s collected anonymously, using Deeper Edge as a proxy, in effect.

Beyond a reference implementation, says Whitt, Deeper Edge will move to be a comprehensive manager that safeguards your personal information and helps you figure out who to share it with, when and on what terms.  The Deeper Edge information fiduciary could be a newspaper, a retailer, an affinity group or something else he says.

Whitt is a senior strategy consultant to ITEGA, the sponsor of this newsletter. He is also a Mozilla Fellow.

PERSONAL PRIVACY

• New York Times editorial backs opt-in privacy requirement | Editorial Board, NYTimes.com
• EFF, Internet Society, Mozilla as ISPs to commit to basic privacy protections | Rebecca Jeschke EFF.org
• Apple now showing privacy labels for all of its apps in one central location | Filipe Espósito, 9to5.mac
• Algorithmic bias: how automated decision making has become an assault on privacy – and what to do about it | Glyn Moody, Privacy News Online
• Personal privacy risen to crescendo, Portland podcast journalist says | Vaughn Cockayne, via DigitalPrivacy.news
• Privacy and your Seattle commute: Potential dark side to city data monitoring | Kim Malcolm & Andy Hurst, KUOW.org
• Google spinoff and Portland, Ore., transit district part company over privacy | Skip Descant, Government Technology
• T-Mobile to Share Customers’ Web Browsing Data With Advertisers Unless They Opt Out | Michael Kan, PCMag.com
• BACKGROUNDER: Why Facebook and Apple are fighting over your iPhone |  Mike Snider, USAToday
• Apple Loses Bid to Move Consumer Privacy Suit to Arbitration | Joel Rosenblatt, Bloomberg.com
• Will Vaccine Passports Jump Start Travel Or Threaten Privacy? | Michael Goldstein, Fobes.com
• Amazon’s plan to install surveillance cameras in delivery vans drives lawmaker backlash | Irina Ivanova, CBSNews.com

PRIVACY SURVEYS 

• VENDOR RESEARCH: Survey of 600 phone users find strong support for privacy | John Koestier, via Forbes.com
• VENDOR RESEARCH: Entrust survey says consumers say they value their privacy, but do little to protect it | Rande Price, DigitalContentNext.com

BIOMETRIC, FACIAL PRIVACY 

• Facial recognition company sued by California activists | The Associated Press | RELATED STORY
• Activists and Rights Groups Sue Clearview AI, Warning ‘We Won’t Be Safe’ Until Facial Recognition Firm Is Gone | Brett Wilkins, CommonDreams.org
• Security camera hack exposes hospitals, workplaces, schools |  Matt O’Brien & Frank Bajak, The Associated Press
• Powerful DNA Software Used in Hundreds of Criminal Cases Faces New Scrutiny | Laura Kirchner, TheMarkup.com
• As smart city technology advances, community groups warn of privacy concerns | Amanda Brandeis, TheDenverChannel.com

A sober assessment on widening privacy concerns around digital advertising, an invitation to the public to provide by May 7 ideas about what to do to fix it, and an appeal from U.S. Sen. Ron Wyden highlighted the annual leadership meeting of the Interactive Advertising Bureau (IAB) this week.

Because of privacy concerns and regulation, the traditional value exchange of ad-supported media — free content in exchange for seeing ads — is losing its value, consultant PwC US wrote in a report commissioned by the IAB and released at the virtual gathering. “To put it bluntly, the old value exchanges are just not enough,” Sue Hogan, IAB senior vice president research and analytics said in a statement accompanying the report. “The model is broken. Publishers and media companies have to reimagine reciprocity or risk the flight of consumers to competitors.”

Among other trends to watch, says the statement about the report: Expect more “walled gardens” with higher walls, as third-party identifiers go away, watch retailers such as Walmart increasingly publish content on their websites; and “for all to thrive, hate speech, fraud and misinformation must be solved for.”  The PwC report was based on lengthy interviews with 20 ad and publishing execs.

Meanwhile, the affiliated IAB Tech Lab released for public comment a portfolio of standards for responsible “addressability and predictable privacy” — ways to target advertising without violating privacy laws or norms.  Deadline for comments is May 7, and during an “Addressability Solution Road Show” on March 24. The package includes two drafts, “Best Practices for User-Enabled Identity Tokens” and “Taxonomy and Data Transparency Standards to Support Seller-defined Audience and Context Signaling.”

A keynote speaker to the IAB meeting, Sen. Wyden pushed his 2019 universal opt-out law (see BILL TEXT  and a law firm’s analysis of the Wyden bill and Wyden’s one-page description.) “There are some aspects of advertising technology that are going to have to change,” Wyden warned the IAB audience.

RELATED LINKS

• IAB Tech Lab Proposes Specs For Accountability And Addressability | Allison Schiff, AdExchanger.com
• Gaps remain in industry guidelines for controversial email-based identity tech | Kate Kaye, DigiDay.com
• IAB Tech Lab opens ‘Project Rearc’ for public comments | IAPP Daily Dashboard

AD TECH 

• EXPLAINER: How brands will target ads to you after the death of browser cookies | Paresh Dave & Sheila Dang, Reuters PLC
• Ex-Facebook employees detail impact of Apple’s upcoming anti-tracking privacy feature | Mikey Campbell, AppleInsider.com
• Firefox Total Cookie Protection comes to mobile and desktop versions | Jack Wallen, TechRepublic.com
• The Trade Desk battle with Google-Amazon heats up | Lauren Johnson, BusinessInsider.com
• Will Apple privacy changes make it harder to measure ads? | Tanya Dua, BusinessInsider.com
• OPINION: Meredith exec writes about cookies and murky supply chains | Nicole Lesko via AdExchanger.com

EU PRIVACY 

• Apple’s Personalized Ads System Targeted in Privacy Complaint to French Data Regulator | Tim Hardwick, MacRumors.com
• French startup lobby targets Apple with ‘privacy hypocrisy’ complaint | Natasha Lomas, TechCrunch.com | RELATED STORY
• ROUNDUP: Replacement for “Privacy Shield” not likely soon | Jennifer Bryant, Joseph DuBall & Ryan Chiavetta, IAPP Staff
• EU authorities want “absolute guarantee” U.S. surveillance state can’t see data | Samuel Stolton, Euractiv.com
• EU Privacy vs.  U.S. Surveillance: Solving the Problem of Transatlantic Data Transfers | Peter Margulies, & Ira Rubinstein, LawfareBlog.com

GLOBAL PRIVACY 

• Google Pay adds transaction-deletion privacy option for Indian market | TheHindu.com | RELATED STORY
• Digital identity scheme shot down by  Swiss voters over data privacy concerns | Urs Geiser, SwissInfo.ch
• Use encrypted personal number for privacy, South Korea tells public | South Korea Sentinel
• In India, an appeal to government, tech firms to protect privacy, free speech | TheQuint.com